Penetration Testing mailing list archives
Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd?
From: "Jimmy Brokaw" <hedgie () hedgie com>
Date: Sat, 11 Oct 2008 16:07:09 -0400 (EDT)
Chip Panarchy wrote:
The most helpful ones (apart from the ones explaining how the protocol works and differences between that and SFTP etc.) were the ones that suggested I use; Brutus or Hydra. (oh, and Metasploit)
Both Brutus and Hydra will do brute force attacks. Keep in mind that switching to SFTP will not prevent, or even complicate, a brute force attack, unless you disable password logins on the SFTP server. If he's reluctant to drop FTP, chances are you're going to have a hard time convincing him to create certificates and use them for logging into his server. He's probably more likely to just pick a longer/more complicated password that you're less able to crack. I stand by other posters that cracking the password doesn't demonstrate the vulnerability of FTP nearly as well as sniffing it, simply because FTP's biggest and most frequently exploited vulnerability is that it transmits everything, including passwords, in the clear. -- \\\\\ hedgie () hedgie com \\\\\\\__o Bringing hedgehogs to the common folk since 1994. __\\\\\\\'/________________________________________________________ http://www.hedgie.com ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Chip Panarchy (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Jon Kibler (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? p0liX (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Gustavo Castro (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Chip Panarchy (Oct 11)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Jimmy Brokaw (Oct 12)
- RE: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Craig Wilson (Oct 12)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Robin Wood (Oct 12)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Jon Kibler (Oct 12)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Adriel Desautels (Oct 12)